CFO Ivan Kallevik describes Norsk Hydro ASA cyber-attack as “severe”

One of the world’s biggest producers of aluminium has been subject to a cyber attack affecting operations in the U.S. and Europe. Norsk Hydro of Norway, which employs more than 35,00 people in 40 countries^[1], has been extensively hit with ransomware, which has resulted in their entire worldwide network to go down. As of the moment of publication, the company’s downstream operations (extrusion and rolling) is experiencing “temporary stoppage” and “production challenges”.

The company’s website is currently down, although they released a webcast (press release) on the cyber-attack at 15:00 (Central European Time) linked to their Facebook page. The webcast featured CFO Ivan Kallevik and Bente Hoff director of Cybersecurity, Norwegian National Security Authority (NSM) sharing limited information on the attack. Hydro is currently posting all updates through their Facebook page.

Hydro reported that at around 00:00 (Central European Time) on Monday 18^th March 2019, IT experts noticed unusual activity on their servers within their global IT systems. This activity was later classified as a ransomware cyber-attack. As with most ransomware attacks,  Ivan Kallevik confirmed, the company has found an open text file with the contact of the alleged perpetrators’ details who need to be contacted to restore the operations. The company did not disclose the requested ransom amount or the contacts.

Hydro has reported that they have now isolated all their factories from the global network to stop the virus spreading. At some of their factories, employees are using printed orders unable to log into computers. Staff worldwide are also using mobile phones and tablets to access their emails. Other facilities including its power plants are currently functioning normally.

Internal and external IT experts are working around the clock to resolve the incident, Hydro has confirmed they have cyber insurance and plan to restore systems today using back-up data. Following the cyber attack, shares in Hydro fell as much as 3.4 per cent but recovered to stand down 0.6 per cent in Tuesday afternoon trade.^[2]

In Hydro’s webcast, the NSM confirmed that they believed the attack originated in the U.S and were investigating the possibility that the cyber attack was caused by LockerGoga, a relatively new type of ransomware. However, this has not yet been confirmed. There has been no news on the attribution of the attack to either known or new bad actors.

This is the latest attack in the commodity and manufacturing sector which can have detrimental consequences to demand, supply, revenue and shares. Other large companies who have been subject to a cyber-attack so far include shipping company AP Moller-Maersk, Saudi oil company Aramco, agriculture trader Archer-Daniels-Midlands Co.

How will it evolve for Norsk Hydro?

[1] https://www.bbc.co.uk/news/technology-47624207
[2]https://www.ft.com/content/7d93a6be-4a36-11e9-bbc9-6917dce3dc62